commit 594215be6e00e1bb921497091213ed601df5e4f4
author Mateusz Starzyk <mateusz.starzyk@mobica.com> Thu Oct 14 12:23:06 2021 +0200
committer Mateusz Starzyk <mateusz.starzyk@mobica.com> Thu Oct 21 11:33:41 2021 +0200
tree 413042010d125e74c9b94b152edbc4eb739f77b7
parent bb2ced33dd8ff2b90aff907301cb4d1c0c7a06d9

Add support for CCM*-no-tag to PSA.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>

library/cipher.c

diff --git a/library/cipher.c b/library/cipher.c
index dc80189..4ed6c91 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -424,6 +424,31 @@
     }
 #endif
 
+#if defined(MBEDTLS_CCM_C)
+    if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
+    {
+        int set_lengths_result;
+        int ccm_star_mode;
+
+        set_lengths_result = mbedtls_ccm_set_lengths(
+                                (mbedtls_ccm_context *) ctx->cipher_ctx,
+                                0, 0, 0 );
+        if( set_lengths_result != 0 )
+            return set_lengths_result;
+
+        if( ctx->operation == MBEDTLS_DECRYPT )
+            ccm_star_mode = MBEDTLS_CCM_STAR_DECRYPT;
+        else if( ctx->operation == MBEDTLS_ENCRYPT )
+            ccm_star_mode = MBEDTLS_CCM_STAR_ENCRYPT;
+        else
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+
+        return( mbedtls_ccm_starts( (mbedtls_ccm_context *) ctx->cipher_ctx,
+                                    ccm_star_mode,
+                                    iv, iv_len ) );
+    }
+#endif
+
     if ( actual_iv_size != 0 )
     {
         memcpy( ctx->iv, iv, actual_iv_size );
@@ -560,6 +585,15 @@
     }
 #endif
 
+#if defined(MBEDTLS_CCM_C)
+    if( ctx->cipher_info->mode == MBEDTLS_MODE_CCM )
+    {
+        return( mbedtls_ccm_update( (mbedtls_ccm_context *) ctx->cipher_ctx,
+                                    input, ilen,
+                                    output, ilen, olen ) );
+    }
+#endif
+
 #if defined(MBEDTLS_CHACHAPOLY_C)
     if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
     {
@@ -947,6 +981,7 @@
         MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
         MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
         MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
+        MBEDTLS_MODE_CCM == ctx->cipher_info->mode ||
         MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
         MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
     {

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ece64b1..67494dd 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3587,7 +3587,12 @@
       .core = slot->attr
     };
 
-    if( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
+    if( alg == PSA_ALG_CCM_STAR_NO_TAG && input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) )
+    {
+        status = PSA_ERROR_INVALID_ARGUMENT;
+        goto exit;
+    }
+    else if ( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
     {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;

library/psa_crypto_cipher.c

diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 2268fc5..acbbd5c 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -92,6 +92,9 @@
             case PSA_ALG_CBC_PKCS7:
                 mode = MBEDTLS_MODE_CBC;
                 break;
+            case PSA_ALG_CCM_STAR_NO_TAG:
+                mode = MBEDTLS_MODE_CCM;
+                break;
             case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
                 mode = MBEDTLS_MODE_CCM;
                 break;